In 2020, security teams had to endure a great deal of chaos — not just from the events caused by the pandemic, but from a significant series of changes in the vulnerability landscape, according to Rapid7.
In its “2020 Vulnerability Intelligence Report,” released today, the security firm documented 50 vulnerabilities representing shifts that defenders had to contend with. Fourteen vulnerabilities were exploited by nation-state actors and cybercriminals in indiscriminate campaigns that impacted a wide variety of organizations, 16 vulnerabilities were used in targeted attacks by sophisticated actors, and 20 flaws have not yet been seen in the wild but are expected to be used by attackers in their campaigns.
The company delves into the threats to offer defenders a better understanding of what constituted dangerous vulnerabilities in 2020, says Caitlin Condon, manager of software engineering at Rapid7.
“There was a pervasive feeling in the information-security community, especially among defenders, that the sky was falling nearly all the time,” she says. “It is often very difficult for the people in charge of security to look at all the research materials and all the artifacts — at all the information about a vulnerability — and determine why a vulnerability may matter or not matter for their risk model.”
In the report, Rapid7 breaks down the threats into flaws exploited indiscriminately in widespread attacks (28%), security issues — often, zero-day vulnerabilities — used in targeted attacks (32%), and vulnerabilities the company considers to be impending threats (40%).
Among the most serious threats were attacks on network and security appliances that allowed the attacker to pivot from outside the network to the internal network. So-called network pivots were discovered in Citrix NetScaler, SonicWall SonicOS, Palo Alto Networks PAN-OS, and the Sophos XG Firewall.
“For many network defenders, June 29 through July 29, 2020 was a particularly nightmarish stretch of an already challenging year: No…